AWSManagedMachinePool triggers multiple node rotations when bootstrap secret and AMI change together #5797

@MinhNguyen-at

/kind feature

When updating both the bootstrap data secret (proxied via MachinePool) and the AWSManagedMachinePool in a seemingly (both resources are actually updated independently) single apply (commonly done with GitOps), the AWSManagedMachinePool controller triggers two separate node rotations instead of one.

This creates unnecessary churn and extends maintenance windows. This can be problematic when node rotations are slow due to tight PDBs.

Ideally the controller would either:

  • Debounce launch template changes within a short window before triggering a node group update
  • Provide a mechanism to batch changes (e.g., an annotation to signal "more changes coming")
  • Allow controller to control when updates are triggered (e.g. annotation computed hash of AWSManagedMachinePool + Bootstrap)

**Workaround**
Currently using cluster.x-k8s.io/paused annotation on the AWSManagedMachinePool, applying changes, then removing the annotation. This is workable but less than ideal.

Environment:

  • Cluster-api-provider-aws version: latest
  • Kubernetes version: 1.32
  • OS (e.g. from /etc/os-release): Not Important
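
The pause, apply, unpause workaround described in the issue, scripted as an added example (not code from the issue or from cluster-api-provider-aws). The function name, namespace, pool name and manifest file names are assumptions; if an apply fails, the function leaves the pool paused so that a half-applied change does not trigger a rotation of its own.

```shell
#!/bin/sh
# Added example: wrap the cluster.x-k8s.io/paused workaround in one function.
# KUBECTL can be overridden (for instance to add --context); default is kubectl.
KUBECTL="${KUBECTL:-kubectl}"
PAUSED_ANNOTATION="cluster.x-k8s.io/paused"

# apply_paused NAMESPACE POOL_NAME MANIFEST [MANIFEST...]
# Returns 0 on success, 1 if the pool could not be paused or unpaused,
# 2 if a manifest failed to apply (the pool is then left paused on purpose).
apply_paused() {
  local ns="$1" pool="$2" target manifest
  shift 2
  target="awsmanagedmachinepool/${pool}"

  # 1. Pause reconciliation before touching either resource.
  "$KUBECTL" -n "$ns" annotate "$target" "${PAUSED_ANNOTATION}=true" --overwrite || return 1

  # 2. Apply the bootstrap secret and the pool change while the pool is paused.
  for manifest in "$@"; do
    "$KUBECTL" -n "$ns" apply -f "$manifest" || {
      echo "apply of ${manifest} failed; ${target} is still paused" >&2
      return 2
    }
  done

  # 3. Unpause: a trailing "-" removes the annotation, so the controller
  #    reconciles once against the final state of both resources.
  "$KUBECTL" -n "$ns" annotate "$target" "${PAUSED_ANNOTATION}-" || return 1
}

# Usage (hypothetical names):
#   apply_paused default my-pool bootstrap-secret.yaml awsmanagedmachinepool.yaml
```

A GitOps tool that syncs the AWSManagedMachinePool from a manifest without the annotation may remove it mid-change, so the pause has to be coordinated with that tool's sync.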

Labels

  • kind/feature: Categorizes issue or PR as related to a new feature.
  • needs-priority
  • needs-triage: Indicates an issue or PR lacks a `triage/foo` label and requires one.
